In this guided exercise, you will apply what you've learned so far to capture and analyze network traffic using Wireshark.
You will start where everyone starts: with ping, the “Hello World” of networking. Like the sonar ping of submarines and depth finders, you will bounce some electricity off targets to see if they respond. You will make each host ping every other host in the environment to confirm everyone is online.
Following that, you’ll conduct a file transfer, gain remote access to a machine, and log in to a web application – three fairly canonical operations in the world of networking. This should provide a balanced meal for a new wire shark. Time to liven up the wires.
Ready. Set. Go.
It’s not often you will be looking through packets in a live capture. Analysis is usually conducted after the fact, such as a SOC analyst reviewing a capture file to investigate an alert generated by their Intrusion Detection or Prevention System (IDS/IPS). That computer whiz in popular media, lines of program output racing by on their computer screen? They’re just waiting for the execution to complete before consulting the logs. Wait until you’ve captured a full record of the network activity, then you can review it on demand.
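To make the “capture first, analyze later” point concrete, here is an added example (not part of the course material, and not Wireshark’s own code) that reads a classic libpcap file with nothing but the Python standard library, keeps only ICMP packets whose IPv4 and ICMP checksums verify, and pairs each echo request with its reply to report round-trip time, which is exactly the question the host-to-host ping sweep above is asking. The capture bytes are constructed in-line (hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 are made-up addresses); a host that never answers shows up in the unanswered list, the same way an offline machine would in a real capture.

```python
"""Minimal classic-pcap reader that pairs ICMP echo requests with replies.
Added example; the capture below is CONSTRUCTED, not a real network trace."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (0 when a header verifies)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_frame(src_ip, dst_ip, icmp_type, ident, seq, payload=b"ping!"):
    """Assemble Ethernet/IPv4/ICMP bytes for the constructed capture."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0,
                     64, IPPROTO_ICMP, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + icmp


def build_pcap(frames):
    """Wrap (timestamp_seconds, frame_bytes) tuples in a classic pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # Ethernet
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes):
    """Return one dict per ICMP packet whose IPv4 and ICMP checksums verify."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"  # same format written by a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    pos, packets = 24, []
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_ICMP or inet_checksum(ip[:ihl]) != 0:
            continue  # not ICMP, or a corrupted IPv4 header
        icmp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if inet_checksum(icmp) != 0:
            continue  # ICMP checksum failed: drop rather than trust it
        icmp_type, _code, _cs, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        packets.append({"time": sec + usec / 1_000_000,
                        "src": ".".join(map(str, ip[12:16])),
                        "dst": ".".join(map(str, ip[16:20])),
                        "type": icmp_type, "id": ident, "seq": seq})
    return packets


def pair_echoes(packets):
    """Match requests to replies by (hosts, id, seq); report RTT in ms."""
    pending, answered = {}, []
    for p in packets:
        if p["type"] == ICMP_ECHO_REQUEST:
            pending[(p["src"], p["dst"], p["id"], p["seq"])] = p
        elif p["type"] == ICMP_ECHO_REPLY:
            req = pending.pop((p["dst"], p["src"], p["id"], p["seq"]), None)
            if req is not None:
                answered.append({"host": req["dst"], "seq": p["seq"],
                                 "rtt_ms": round((p["time"] - req["time"]) * 1000, 3)})
    unanswered = [f"{k[1]} seq={k[3]}" for k in pending]
    return answered, unanswered


# Constructed capture: 10.0.0.1 pings 10.0.0.2 twice (answered) and 10.0.0.3 once (silent).
SAMPLE_PCAP = build_pcap([
    (100.000000, build_icmp_frame("10.0.0.1", "10.0.0.2", ICMP_ECHO_REQUEST, 7, 1)),
    (100.000850, build_icmp_frame("10.0.0.2", "10.0.0.1", ICMP_ECHO_REPLY, 7, 1)),
    (101.000000, build_icmp_frame("10.0.0.1", "10.0.0.2", ICMP_ECHO_REQUEST, 7, 2)),
    (101.001200, build_icmp_frame("10.0.0.2", "10.0.0.1", ICMP_ECHO_REPLY, 7, 2)),
    (102.000000, build_icmp_frame("10.0.0.1", "10.0.0.3", ICMP_ECHO_REQUEST, 7, 1)),
])


def summarize(pcap_bytes=SAMPLE_PCAP):
    """Offline analysis entry point: answered pings with RTT, plus silent hosts."""
    return pair_echoes(parse_pcap(pcap_bytes))


if __name__ == "__main__":
    done, silent = summarize()
    for r in done:
        print(f"{r['host']} seq={r['seq']} rtt={r['rtt_ms']} ms")
    for u in silent:
        print(f"no reply from {u}")
```

Run it as-is to see two answered pings and one silent host; point `summarize()` at the bytes of your own capture file to reuse the same logic. The checksum checks are deliberate: a capture tool records whatever crossed the wire, including damaged frames, so an analysis script should verify integrity before drawing conclusions from a packet.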
If you’re curious about the other available Wireshark filters, check out the following cheat sheet: https://www.stationx.net/wireshark-cheat-sheet.
You’ll also find a Wireshark Command Generator where you can describe what you’d like Wireshark to do in plain English and have that request converted into a ready-to-use Wireshark display filter. Neat!
Now that you’ve had some guided practice and grown your baby wire shark teeth, it’s time to conduct some packet analysis on your own. We’ll provide a capture file for you to sink your teeth into.